
Ports 1029&1030 open

I went to GRC.com to do a port scan to make sure everything is ship shape with my firewall and security. GRC's scan reports that ports 1029&1030 are open.

Fine, then. I set up my firewall (ZoneAlarm Security Suite) to block incoming TCP and UDP requests to those ports. No luck. I forced ZoneAlarm to allow Windows Firewall (it's disabled by default) and activated it. No luck. I ran the ZoneAlarm AV and AS scans and also ran the Symantec online scans. Again, no luck (no infections or spyware found). I disabled DCOM and related activities thru a macro program acquired from GRC. No luck.

Something is obviously holding those two ports open. What could it be? I've looked at the svchost.exe processes in the task manager. There are at least a half dozen of them, but I'm not sure what exactly they are doing. 2 of them are "Network Services", but I'm not sure what applications could be using them.

Using Vista Home Premium. What I wonder is...how can an OS override the rules in my firewall? (If that is what's happening)

A computer running directly connected to the net... that's never good.. especially with things like MS08-067 floating around. Outside of this thread, I'd suggest you sink a few bucks into a router and put your computer behind that...

We can figure out what's causing it though.

If you run netstat -anb (you'll most likely need to run your command prompt as Administrator -- Right Click --> Run As Administrator) you should get output like this:

I've truncated the list, but you can see from the bolded line above that Eventlog within SVC Host is PID 932... now we know the cause of the problem. This should provide more potential information regarding the source of your problem.

Normally I would say that your ports in the 10xx range are RPC Endpoints, however in Vista these Endpoints appear to exist in roughly the 491xx range.

Maybe after you come back to us with the details from this we'll be able to provide further information.

As a side note... I'd put little to no stock in anything from GRC.com and anything related to GRC... It's as bad as reading the Guides to (Mostly) Harmless Hacking.

IT Blog: .:Computer Defense:.
PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
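The lookup described in the reply above (listening port to owning PID, then PID to the services hosted in that svchost.exe), as an added example that is not part of the original thread. It assumes text captured from `netstat -ano` (the numeric-PID variant of the command in the post) and `tasklist /svc`; the sample output, PIDs and service groupings are constructed, and the function names are hypothetical.

```python
import re

# Constructed samples of `netstat -ano` and `tasklist /svc` output (not from the thread).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:1030           0.0.0.0:0              LISTENING       1044
"""
TASKLIST_SVC = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    932 Eventlog
svchost.exe                   1044 IKEEXT, Schedule,
                                   Winmgmt
"""

def listeners(text):
    """Yield (proto, bind_addr, port, pid) for TCP LISTENING and bound UDP rows."""
    for f in map(str.split, text.splitlines()):
        tcp = len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING"
        udp = len(f) == 4 and f[0] == "UDP"  # UDP rows have no State column
        if tcp or udp:
            addr, port = f[1].rsplit(":", 1)  # rsplit keeps "[::]" intact
            yield f[0], addr, int(port), int(f[-1])

def services_by_pid(text):
    """Map PID -> (image name, [services]), joining wrapped service lines."""
    table, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+(\d+)\s+(.*)$", line)
        if m:
            pid, line = int(m.group(2)), m.group(3)
            table[pid] = (m.group(1), [])
        elif pid is None or not line[:1].isspace():
            continue  # header, separator or blank line
        table[pid][1].extend(s.strip() for s in line.split(",") if s.strip())
    return table

def explain(ports, netstat=NETSTAT_ANO, tasklist=TASKLIST_SVC):
    """Return (proto, addr, port, pid, image, services, reachable) per listener on ports."""
    owners, out = services_by_pid(tasklist), []
    for proto, addr, port, pid in listeners(netstat):
        if port in ports:
            image, services = owners.get(pid, ("unknown", []))
            local_only = addr.startswith(("127.", "[::1]"))  # loopback-only bind
            out.append((proto, addr, port, pid, image, services, not local_only))
    return out

if __name__ == "__main__":
    print(*explain({1029, 1030}), sep="\n")
```

A listener bound to 0.0.0.0 or [::] accepts connections on every interface, so the last field is the one to compare against what an external scan reports.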

Unbelievable! I have, and have had a WRT54G Linksys router for a long time, but I could never get it to work under Vista. I uninstalled ZoneAlarm, shut down my computer, reset my modem and router (both Linksys), hooked everything back up and restarted. Voila! Everything works perfectly. All functional capabilities of the router (wireless/wired/gateway/router, etc) work just fine. Could it have been me just screwing around with the ZoneAlarm or Linksys settings that messed things up, or did ZA make some modifications that would force their product to work with Vista and thusly compromise my security? I realize that's a loaded question, but getting rid of ZoneAlarm and resetting all of the hardware to its factory presets makes me wonder what's going on. My subscription to ZA is just about up anyway, so I think I'm going shopping for a new Firewall/AV/AS solution. Any recommendations?

For what it's worth, HT, after the drastic changes...GRC came up clean. I know you don't like Gibson, but it is a useful touchstone as far as the port scanning. I don't know of any other website that offers that in a user-friendly environment. If you have suggestions, please offer them.

For anti-spyware try Super AntiSpyware and Spybot Search & Destroy. Spybot has a useful (if somewhat annoying) registry protection feature. There are actually a ton of great anti-spyware applications out there.

Antivirus is a bit more tricky. There are several decent ones. I like Webroot's newer antivirus.

For a firewall, steer clear of Kaspersky and Symantec's products. They tend to do more harm than good. McAfee sucks too. Perhaps look into Comodo? I've heard good things about it.

For network testing, try scanning your own IP using nmap (various different types of scans including -sS) from somebody else's network.

Also check out Sysinternals' Process Explorer as an alternative to Task Manager. It will help show you what's running a lot better. I see that HTRegz has already pointed out tasklist /svc, which is very helpful.

Tried out Norton Security Suite. Looked good, light-weight, user-friendly. Would have bought it, but then I remembered that my ISP (Charter Communications) offers a Security Suite that is included in the cost of my subscription. Talk about losing the forest for the trees.

It's essentially a branded version of F-Secure software. Has all the functions of an ISS that I expect and need, and it comes at no additional cost to me. Sweet. I don't know why or how I trapped myself into thinking that I had to shop around for security software, when a perfectly good solution was mine for the taking all along.